Introducing the Intune PowerShell SDK #Intune #PowerShell #MVPHour

Ignite is turning out to be boiling over with new technologies and ideas, and you can really feel the momentum building behind Intune.

For those of you that are struggling to customize Intune to suit your organization’s requirements, there is a collection of PowerShell scripts on GitHub maintained by David Falkus (@davefalkus) and others at Microsoft and the community that you need to start using. These scripts have become a great reference for using Graph API, which is the supported method for connecting to Microsoft 365 cloud services.

The scripts have also helped with day to day management. I often use them to backup and upload Intune settings, which cuts down the time it takes for me to stand up new Intune tenants for testing or quickly deploying a proof of concept environment.

The scripts have also been used to migrate settings from a test tenant to a production environment giving you more separation between production and test environments. I’m seeing more and more customers set up development environments as they explore new capabilities of Microsoft 365 and it just makes sense to prevent production outages.

Despite the accolades they deserve, the scripts are lengthy and can be a challenge to work with and that has pushed some of us to explore PowerShell modules that simplify the management of Intune.

A PowerShell module is a much more friendly way of consuming Graph API.

And leads me to the topic of this post, the Intune PowerShell SDK is live and you can find it (for free) on GitHub here: Intune PowerShell SDK. There is one technical requirement, your environment needs to have .Net 4.7.1 is installed if you are using Windows. There is a separate release for cloud support, Cloud Shell, which will be the topic for another post.

For simplicity’s sake, I’ve saved it to the root of my C:\ drive. Open a PowerShell prompt and go to the folder C:\net471.

Next, import the PowerShell module using the following command.

Import-Module ./Microsoft.Graph.Intune.psd1

Now let’s connect to your tenant using PowerShell.

Connect-MSGraph

For this example, the login prompt appears, but I want to connect to my test tenant so I’ll select: “Use another account”.

Enter the username for your tenant and click Next.

Enter your password and click Sign in.

This method supports multi-factor authentication, so answer the authenticator prompt to continue. And you should see output indicating the tenant you are connected to.

I’ll demonstrate the current list of commandlets by using get-command to see what is available:

Get-Command -Module Microsoft.Graph.Intune

As you can see the list is quite extensive or 1287 commandlets to be exact. Here I’ll show you how you can get a list of device configuration profiles in your tenant with the following command.

Get-DeviceManagement_DeviceConfigurations

The policies are best exported in JSON format but don’t be deceived, we need to do some formatting with PowerShell.

For now, I’ll select only one device configuration profile such as the AppLocker configuration profile by using the GUID in the ID field for the policy. The following command line will select only the AppLocker configuration profile.

The output is piped to the file so we can open the file with an editor such as Visual Studio Code to view the result.

FYI I also like extensions to help with JSON in Visual Studio Code such as the JSON Editor to add a better viewing experience with JSON documents.

This not only serves as a backup of my device configuration profile, but JSON files can easily be used to input the settings into another tenant. More on that for another day.

As you can see the Intune PowerShell module opens up a world of functionality.

If you are using Intune as a customer, ISV or consultant, I strongly urge you to get to know these PowerShell commandlets and try using them to master your Intune environment. I’ve shown you how to backup your existing policies and I recommend that as a good starting place for newcomers.

Once you have the basic mechanics down then explore some of the additional functionality contained in the module. Expect more possibilities to automate common tasks and open up new scenarios in your organization with this method for using Graph API.

Related

About The Author

Kevin Kaminski is an authority in Microsoft enterprise solutions with over 20 years of experience that ranges from device management to data center architecture. In that time, Kevin has provided leadership, technical expertise, and training to organizations large and small, which has contributed to his passion for delivering solutions-based approaches to modern IT challenges.
Working with some of Canada’s largest organizations in that time, Kevin’s knowledge and mastery have been acknowledged by Microsoft as he is currently a Microsoft MVP for Windows and Devices for IT and has been a Microsoft MVP for Microsoft Application Virtualization (App-V) for the past eleven years.
Kevin’s passion and expertise are humorously and meticulously woven into his speaking engagements, training materials, articles and consulting engagements.
Key Speaking Topics
- Application Packaging and Virtualization
- System Center Configuration Manager
- Intune
- Azure IaaS
- VDI technologies
- Windows security
- IT Governance
Some of Kevin's current projects:
- Transitioning a user population from corporate-owned devices to a BYOD
approach with a large brand name retailer
- Implemented an enterprise mobility strategy that included use cases from
employees to B2B collaboration for a medium-sized energy company
- Lead Architect for a SaaS solution to enhance Intune capabilities
In addition to his partnership with AMTRA Solutions as a Principal Consultant for Modern Workplace, Kevin spends time blogging and speaking at various technical conferences such as TechMentor, Briforum, and Microsoft Management Summit. Kevin currently sits as vice president of the Calgary Microsoft User Group and the Calgary chapter of the Citrix User Group Community.

About

Checkyourlogs is a community blogging platform that focuses on the most current Microsoft and surrounding technologies. All of our bloggers are real-world experts, Microsoft MVPs, Cisco Champions, Veeam Vanguards and more. All views expressed on this site are independent.